Page 1: Internet Security 1 (IntSi1)

Andreas Steffen, 5.12.2011, 13-VPN.pptx 1

Internet Security 1 (IntSi1)

Prof. Dr. Andreas Steffen

Institute for Internet Technologies and Applications (ITA)

13 Virtual Private Networks

Page 2: Internet Security 1 (IntSi1)

Layer 2 versus Layer 3 versus Layer 4

Communication layers and their security protocols:

• Application layer: ssh, S/MIME, PGP, Kerberos, WSS
• Transport layer: TLS, [SSL]
• Network layer: IPsec
• Data Link layer: [PPTP, L2TP], IEEE 802.1X, IEEE 802.1AE, IEEE 802.11i (WPA2)
• Physical layer: Quantum Communications

Page 3: Internet Security 1 (IntSi1)

Internet Security 1 (IntSi1)

13.1 Point-to-Point Protocol (PPP)

Page 4: Internet Security 1 (IntSi1)

PPP-based Remote Access using Dial-In

Figure: a Remote Client dials in over the Public Switched Telephone Network (PSTN: POTS / ISDN) to a Remote Access Server at the edge of the Private Network. On the dial-in link the traffic is PPP-encapsulated: PPP | IP, IPX Payload; inside the Private Network the plain IP, IPX Payload is delivered.

• Authentication using PAP (password), CHAP (challenge/response), or the Extensible Authentication Protocol (EAP) supporting e.g. token cards
• Optional PPP packet encryption (ECP) using preshared secrets
• Individual PPP packets are not authenticated
• The Link Control Protocol (LCP), as well as EAP and ECP, are not protected !!

Page 5: Internet Security 1 (IntSi1)

The PPP Encryption Control Protocol (ECP)

• The Encryption Control Protocol (ECP, RFC 1968) uses the same packet exchange mechanism as the Link Control Protocol (LCP, RFC 1661).
• ECP packets may not be exchanged until PPP has reached the Network-Layer Protocol phase and should wait for an optional Authentication phase.
• Exactly one ECP packet is encapsulated in the PPP Information field, where the PPP Protocol field indicates type 0x8053.
• An encrypted packet is encapsulated in the PPP Information field, where the PPP Protocol field indicates type 0x0053 (Encrypted datagram).
• Compression may also be negotiated using the Compression Control Protocol (CCP, RFC 1962).
• ECP implementations should use the PPP Triple-DES Encryption Protocol (3DESE, RFC 2420). DES-EDE3-CBC with a 168 bit key is used.

ECP packet: Protocol 0x8053 | Code | ID | Length | ECP Options (algorithm, IV)
Encrypted datagram: Protocol 0x0053 | Seq. Nr | Ciphertext

Page 6: Internet Security 1 (IntSi1)

The PPP Extensible Authentication Protocol (EAP)

• Some of the authentication types supported by EAP (RFC 2284):
  1 Identity
  4 MD5-Challenge
  5 One-Time Password (OTP, RFC 2289)
  6 Generic Token Card
  9 RSA Public Key Authentication
  13 EAP-TLS (RFC 2716, supported by Windows XP)
  15 RSA Security SecurID EAP
  17 EAP-Cisco Wireless
  18 Nokia IP smart card authentication
  23 UMTS Authentication and Key Agreement
  24 EAP-3Com Wireless
  25 PEAP (Protected EAP, supported by Windows XP)
  29 EAP-MSCHAP-V2 (supported by Windows XP)
  35 EAP-Actiontec Wireless
  36 Cogent Systems Biometrics Authentication EAP

EAP packet: Protocol 0xC227 | Code | ID | Length | Type | Data

(Screenshot on the slide: a certificate file named feurioCert.p12)
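The two slides above describe three PPP Information-field layouts that share the Code | ID | Length pattern of LCP: ECP control packets (0x8053), encrypted datagrams (0x0053) and EAP packets (0xC227). The following parser is an added example, not code from the lecture; it dispatches on the PPP Protocol field, validates every Length field against the bytes actually present (a malformed Length is rejected rather than read past), and labels EAP types with the table from slide 6. The LCP protocol value 0xC021, the LCP/ECP Code values 1-4 and the EAP Code values 1-4 are taken from RFC 1661 and RFC 2284; the sample frames are constructed, and the ECP option type value in them is an arbitrary placeholder. Note what the parser does not find: there is no integrity field in any of these headers, which is the concrete form of the slide's warning that LCP, EAP and ECP exchanges are unprotected.

```python
import struct

# PPP Protocol field values named on the slides (plus LCP, RFC 1661).
PPP_PROTOCOLS = {0xC021: "LCP", 0x8053: "ECP", 0x0053: "Encrypted datagram", 0xC227: "EAP"}

# Code values shared by LCP and ECP (RFC 1661 section 5); only 1-4 are listed here.
CP_CODES = {1: "Configure-Request", 2: "Configure-Ack", 3: "Configure-Nak", 4: "Configure-Reject"}

# EAP Code values (RFC 2284).
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

# EAP authentication Type values as listed on the slide.
EAP_TYPES = {
    1: "Identity", 4: "MD5-Challenge", 5: "One-Time Password", 6: "Generic Token Card",
    9: "RSA Public Key Authentication", 13: "EAP-TLS", 15: "RSA Security SecurID EAP",
    17: "EAP-Cisco Wireless", 18: "Nokia IP smart card authentication",
    23: "UMTS Authentication and Key Agreement", 24: "EAP-3Com Wireless", 25: "PEAP",
    29: "EAP-MSCHAP-V2", 35: "EAP-Actiontec Wireless",
    36: "Cogent Systems Biometrics Authentication EAP",
}


def parse_options(blob):
    """Parse Type/Length/Data options of an LCP or ECP packet.

    Length counts the two header bytes, so a value below 2 would never advance
    the cursor and a value past the end would read beyond the packet; both are
    rejected instead of tolerated."""
    options, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < 2:
            raise ValueError("truncated option header")
        otype, olen = blob[offset], blob[offset + 1]
        if olen < 2 or offset + olen > len(blob):
            raise ValueError("bad option length %d" % olen)
        options.append({"type": otype, "data": blob[offset + 2:offset + olen]})
        offset += olen
    return options


def parse_cp(info):
    """Parse a Code | ID | Length packet; LCP and ECP use this same layout."""
    if len(info) < 4:
        raise ValueError("packet shorter than 4-byte header")
    code, ident, length = struct.unpack("!BBH", info[:4])
    if length < 4 or length > len(info):
        raise ValueError("Length %d inconsistent with %d bytes present" % (length, len(info)))
    return {"code": code, "code_name": CP_CODES.get(code, "other"),
            "id": ident, "options": parse_options(info[4:length])}


def parse_eap(info):
    """Parse an EAP packet: Code | ID | Length | Type | Data (Type only in Request/Response)."""
    if len(info) < 4:
        raise ValueError("packet shorter than 4-byte header")
    code, ident, length = struct.unpack("!BBH", info[:4])
    if length < 4 or length > len(info):
        raise ValueError("Length inconsistent with packet size")
    pkt = {"code": code, "code_name": EAP_CODES.get(code, "other"), "id": ident}
    if code in (1, 2):  # Request and Response carry a Type byte; Success/Failure do not
        if length < 5:
            raise ValueError("Request/Response without Type byte")
        pkt["type"] = info[4]
        pkt["type_name"] = EAP_TYPES.get(info[4], "other")
        pkt["data"] = info[5:length]
    return pkt


def parse_encrypted(info):
    """Split an Encrypted datagram (0x0053) into its 16-bit Seq. Nr and the ciphertext."""
    if len(info) < 2:
        raise ValueError("no sequence number")
    (seq,) = struct.unpack("!H", info[:2])
    return {"seq": seq, "ciphertext": info[2:]}


def parse_ppp_information(protocol, info):
    """Dispatch the PPP Information field on the PPP Protocol field value."""
    if protocol == 0xC227:
        return parse_eap(info)
    if protocol in (0xC021, 0x8053):
        return parse_cp(info)
    if protocol == 0x0053:
        return parse_encrypted(info)
    raise ValueError("unhandled PPP protocol 0x%04X" % protocol)


def safe_parse(protocol, info):
    """Return the parsed packet, or None when the packet is malformed."""
    try:
        return parse_ppp_information(protocol, info)
    except ValueError:
        return None


if __name__ == "__main__":
    # Constructed sample frames, not captured traffic:
    eap_identity = bytes([1, 5, 0, 10, 1]) + b"alice"            # EAP Request, Type 1 Identity
    ecp_conf_req = bytes([1, 7, 0, 14, 2, 10]) + b"\x11" * 8     # ECP Configure-Request, one option
    print(safe_parse(0xC227, eap_identity))
    print(safe_parse(0x8053, ecp_conf_req))
    print(safe_parse(0x8053, bytes([1, 7, 0, 40])))              # Length claims 40, 4 bytes present
```

Feeding the parser a Length larger than the frame, or an option Length of 0 or 1, returns None; an implementation that trusted those fields would over-read or loop forever, which is why the checks sit in front of every slice.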

Page 7: Internet Security 1 (IntSi1)

Internet Security 1 (IntSi1)

13.2 Layer 2/3/4 VPNs

Page 8: Internet Security 1 (IntSi1)

Layer 2 Tunneling Protocol (L2TP) – Compulsory Mode

Figure: the Remote Client dials in over the PSTN to the ISP's Network Access Server (NAS), which acts as L2TP Access Concentrator (LAC). The LAC carries the PPP session through an L2TP tunnel (UDP port 1701 over IP) across the Internet to the L2TP Network Server (LNS) at the edge of the Private Network.

Layer 2 (PPP over PSTN): PPP | IP, IPX Payload
Layer 3 (Internet, UDP Port 1701 over IP): IP | UDP | L2TP | PPP | IP, IPX Payload
Private Network: IP, IPX Payload

Page 9: Internet Security 1 (IntSi1)

Layer 2 Tunneling Protocol (L2TP) – Voluntary Mode

Figure: the Remote Client itself takes the LAC role. It dials in over the PSTN to the ISP NAS with PPP and builds the L2TP tunnel (UDP Port 1701 over IP) across the Internet to the LNS of the Private Network; the tunnel appears to the client as a Layer 2 Connection (Wire) to the LNS.

PPP over PSTN: PPP | IP | UDP | L2TP | PPP | IP, IPX Payload
Internet: IP | UDP | L2TP | PPP | IP, IPX Payload
Private Network: IP, IPX Payload

Page 10: Internet Security 1 (IntSi1)

Layer 3 Tunnel based on IPsec

Figure: a VPN Client dials in over the PSTN (PPP) to an ISP and reaches, across the Internet, the VPN Gateway in front of the Private Network.

IPsec Tunnel: IP | ESP | IP | Payload (on the dial-in link carried inside PPP)
Private Network: IP | Payload

Page 11: Internet Security 1 (IntSi1)

L2TP over IPsec (RFC 3193) – Voluntary Mode

Figure: as in voluntary-mode L2TP, the Remote Client (LAC) dials in over the PSTN to the ISP NAS with PPP and builds the L2TP tunnel across the Internet to the LNS of the Private Network (a Layer 2 Connection (Wire) from the client's view). The L2TP/UDP traffic between client and LNS is now protected by IPsec ESP in Transport Mode.

PPP over PSTN: PPP | IP | ESP | UDP | L2TP | PPP | IP, IPX Payload
Internet: IP | ESP | UDP | L2TP | PPP | IP, IPX Payload
Private Network: IP, IPX Payload

Page 12: Internet Security 1 (IntSi1)

Layer 4 Tunnel based on SSL/TLS

Figure: a Browser with Plugin dials in over the PSTN (PPP, IP) to an ISP and reaches, across the Internet, an SSL/TLS Proxy Server in front of the Private Network.

SSL/TLS Tunnel: IP | TCP* | SSL | IP Payload
Private Network: IP | Payload

*OpenVPN uses SSL over UDP

Page 13: Internet Security 1 (IntSi1)

Layer 2/3/4 VPNs – Pros and Cons

• Layer 2 – L2TP
  Same login procedure as PPP (preshared secrets, RADIUS, etc.)
  Same auxiliary information as with PPP (virtual IP, DNS/WINS servers)
  No strong security without IPsec: LCP can be cheated into establishing no encryption. Non-authenticated L2TP packets are prone to replay attacks.

• Layer 3 – IPsec
  Cryptographically strong encryption and authentication of the VPN tunnel
  Can negotiate and enforce complex VPN access control policies
  XAUTH and IKEv2-EAP authentication offer PPP-like features
  Does not allow the tunneling of non-IP protocols (IPX, etc.)
  Complex connection setup, PKI management overhead

• Layer 4 – TLS
  Clientless and simple: Internet Browser plus Java Applets or Plugin.
  Cryptographically strong encryption and authentication of the VPN tunnel
  Access to certain applications needs a special plugin (still clientless?)

Page 14: Internet Security 1 (IntSi1)

Internet Security 1 (IntSi1)

13.3 Multi-Protocol Label Switching (MPLS)

Page 15: Internet Security 1 (IntSi1)

MPLS based Virtual Private Networks

Figure: IP network of a service provider with edge routers E1, E2, E3, E4 and core nodes N1 and N3. Sites of User A (packets shown as IP LA) and of User B (IP LB) attach to the edge routers. Inside the provider network User A's packets travel with the labels L1, L3 and L5 and User B's packets with the labels L2, L4 and L6; forwarding follows the label rather than the IP addresses, so the traffic of the two users is kept apart.

Page 16: Internet Security 1 (IntSi1)

MPLS Layer 2 Shim Header (RFC 3032)

Label, 20 Bits | Class of Service (CoS), 3 Bits | Bottom of Stack (B), 1 Bit | Time to Live (TTL), 8 Bits

Total: 4 Bytes
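To make the shim header layout concrete, here is an added example (not code from the lecture) that packs and unpacks the 4-byte label stack entry from slide 16, walks a label stack until the Bottom of Stack bit, and performs the label swap plus TTL decrement that a core node does on the top entry. The reserved label values 0-3 are from RFC 3032; the frames and label values are constructed. The point for the security reader is visible in the decoder: the shim header carries nothing that authenticates the label, so VPN separation in the provider network on slide 15 rests entirely on the operator's label isolation, not on cryptography.

```python
import struct

LABEL_MAX = (1 << 20) - 1
# Reserved label values defined in RFC 3032 (0-15 are reserved; these four are assigned).
RESERVED_LABELS = {0: "IPv4 Explicit NULL", 1: "Router Alert", 2: "IPv6 Explicit NULL", 3: "Implicit NULL"}


def encode_entry(label, cos=0, bottom=False, ttl=64):
    """Pack one label stack entry: Label (20) | CoS (3) | S (1) | TTL (8), network byte order."""
    if not 0 <= label <= LABEL_MAX:
        raise ValueError("label must fit in 20 bits")
    if not 0 <= cos <= 7 or not 0 <= ttl <= 255:
        raise ValueError("CoS is 3 bits, TTL is 8 bits")
    return struct.pack("!I", (label << 12) | (cos << 9) | (int(bottom) << 8) | ttl)


def decode_entry(word):
    """Unpack the 32-bit entry into its four fields."""
    return {"label": word >> 12, "cos": (word >> 9) & 0x7,
            "bottom": bool((word >> 8) & 0x1), "ttl": word & 0xFF}


def decode_stack(frame):
    """Walk the label stack at the start of frame until the S bit is set.

    Returns (entries, payload). A frame that ends before an S bit is seen is
    rejected rather than treated as having an empty payload."""
    entries, offset = [], 0
    while True:
        if len(frame) - offset < 4:
            raise ValueError("label stack runs past end of frame")
        (word,) = struct.unpack_from("!I", frame, offset)
        offset += 4
        entries.append(decode_entry(word))
        if entries[-1]["bottom"]:
            return entries, frame[offset:]


def is_well_formed(frame):
    try:
        decode_stack(frame)
        return True
    except ValueError:
        return False


def swap_top_label(frame, new_label):
    """Label switching at a core node: replace the top label, decrement its TTL.

    Returns None when the TTL would expire, i.e. the packet has to be dropped."""
    entries, _ = decode_stack(frame)  # validates the whole stack first
    top = entries[0]
    if top["ttl"] <= 1:
        return None
    return encode_entry(new_label, top["cos"], top["bottom"], top["ttl"] - 1) + frame[4:]


if __name__ == "__main__":
    # Constructed two-label stack (e.g. an outer transport label and an inner VPN label)
    # in front of the first bytes of an IPv4 header.
    frame = encode_entry(17, ttl=255) + encode_entry(100, cos=3, bottom=True) + b"\x45\x00"
    entries, payload = decode_stack(frame)
    for e in entries:
        print(e, RESERVED_LABELS.get(e["label"], ""))
    print("payload starts with", payload[:1].hex())
    print(decode_stack(swap_top_label(frame, 4711))[0][0])
```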

Page 17: Internet Security 1 (IntSi1)

Internet Security 1 (IntSi1)

13.4 IPsec Transport Mode

Page 18: Internet Security 1 (IntSi1)

IPsec – Transport Mode

Figure: two hosts, 194.230.203.86 and 160.85.128.3, communicate across the Internet over a secure IP connection.

• IP datagrams should be authenticated
• IP datagrams should be encrypted and authenticated

Page 19: Internet Security 1 (IntSi1)

IPsec – Transport Mode: IP Authentication Header (AH)

AH: RFC 4302

• IP protocol number for AH: 51
• Mutable fields: Type of Service (TOS), Fragment Offset, Flags, Time to Live (TTL), IP header checksum

Before applying AH (IPv4): Original IP Header | TCP Header | Data
After applying AH (IPv4): Original IP Header | AH Header | TCP Header | Data
  authenticated: the whole packet, except for the mutable fields of the IP header
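The slide's bullet on mutable fields is easiest to understand by computing an AH ICV by hand. The following is an added example, not code from the lecture: it builds an IPv4/AH transport-mode packet between the two hosts named on slide 18, computes the ICV over the IP header with TOS, Flags, Fragment Offset, TTL and checksum zeroed, over the AH header with its ICV field zeroed, and over the TCP payload, and then checks what happens at a router hop (TTL and checksum change, ICV still verifies) versus tampering with the destination address or the payload. HMAC-SHA1-96 is assumed as the integrity algorithm, only IPv4 headers without options are handled, the key and the TCP segment are constructed placeholders, and the AH Payload Len encoding follows RFC 4302.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTOCOL = 51
ICV_LEN = 12        # HMAC-SHA1-96: the 160-bit HMAC truncated to 96 bits (assumed algorithm)
AH_FIXED_LEN = 12   # Next Header, Payload Len, Reserved, SPI, Sequence Number


def ipv4_checksum(header):
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src, dst, protocol, total_len, ttl=64, tos=0):
    """20-byte IPv4 header without options (IHL = 5), checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, tos, total_len, 0x1234, 0x4000, ttl, protocol, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def zero_mutable_fields(ip_header):
    """Mutable fields are zeroed before the ICV is computed (RFC 4302)."""
    h = bytearray(ip_header)
    h[1] = 0                 # Type of Service
    h[6:8] = b"\x00\x00"     # Flags + Fragment Offset
    h[8] = 0                 # Time to Live
    h[10:12] = b"\x00\x00"   # Header checksum
    return bytes(h)


def ah_icv(key, ip_header, ah_fixed, payload):
    """ICV over immutable IP header fields, AH header with zeroed ICV, and the upper-layer data."""
    covered = zero_mutable_fields(ip_header) + ah_fixed + b"\x00" * ICV_LEN + payload
    return hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]


def build_ah_transport(key, src, dst, next_header, payload, spi, seq, ttl=64):
    ah_len = AH_FIXED_LEN + ICV_LEN
    ip_header = build_ipv4_header(src, dst, AH_PROTOCOL, 20 + ah_len + len(payload), ttl)
    # Payload Len = length of AH in 32-bit words minus 2
    ah_fixed = struct.pack("!BBHII", next_header, ah_len // 4 - 2, 0, spi, seq)
    return ip_header + ah_fixed + ah_icv(key, ip_header, ah_fixed, payload) + payload


def verify_ah_transport(key, packet):
    """True when the ICV matches; only IHL = 5 headers are handled in this example."""
    if len(packet) < 20 + AH_FIXED_LEN or packet[0] != 0x45 or packet[9] != AH_PROTOCOL:
        return False
    ip_header, ah_fixed = packet[:20], packet[20:32]
    ah_len = (ah_fixed[1] + 2) * 4
    if ah_len != AH_FIXED_LEN + ICV_LEN or len(packet) < 20 + ah_len:
        return False
    icv, payload = packet[32:20 + ah_len], packet[20 + ah_len:]
    return hmac.compare_digest(icv, ah_icv(key, ip_header, ah_fixed, payload))


def forward_hop(packet):
    """What a router does on the way: decrement TTL and recompute the header checksum."""
    p = bytearray(packet)
    p[8] -= 1
    p[10:12] = b"\x00\x00"
    p[10:12] = struct.pack("!H", ipv4_checksum(bytes(p[:20])))
    return bytes(p)


def flip_byte(packet, index):
    p = bytearray(packet)
    p[index] ^= 0xFF
    return bytes(p)


def demo():
    """Constructed packet between the two hosts on slide 18; returns the verification outcomes."""
    key = b"constructed-demo-key-not-for-use"
    src, dst = socket.inet_aton("194.230.203.86"), socket.inet_aton("160.85.128.3")
    tcp_segment = b"\x00\x50\x1f\x90" + b"\x00" * 16   # constructed 20-byte TCP header placeholder
    pkt = build_ah_transport(key, src, dst, 6, tcp_segment, spi=0x1000, seq=1)
    return {
        "length": len(pkt),
        "valid": verify_ah_transport(key, pkt),
        "valid_after_hop": verify_ah_transport(key, forward_hop(pkt)),
        "valid_dst_changed": verify_ah_transport(key, flip_byte(pkt, 16)),      # inside destination address
        "valid_payload_changed": verify_ah_transport(key, flip_byte(pkt, 44)),  # first byte of TCP header
        "valid_wrong_key": verify_ah_transport(b"other-key", pkt),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The router hop leaves the ICV valid only because TTL and checksum were excluded from the computation; every other header byte, including the addresses, is covered, which is exactly what ESP without AH does not give you (slide 20).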

Page 20: Internet Security 1 (IntSi1)

IPsec – Transport Mode: IP Encapsulating Security Payload (ESP)

ESP: RFC 4303

• IP protocol number for ESP: 50
• ESP authentication is optional
• With ESP authentication the IP header is not protected.

Before applying ESP (IPv4): Original IP Header | TCP Header | Data
After applying ESP (IPv4): Original IP Header | ESP Header | TCP Header | Data | ESP Trailer | ESP Auth
  encrypted: TCP Header | Data | ESP Trailer
  authenticated: ESP Header | TCP Header | Data | ESP Trailer (the IP header is not covered)

Page 21: Internet Security 1 (IntSi1)

Internet Security 1 (IntSi1)

13.5 IPsec Tunnel Mode

Page 22: Internet Security 1 (IntSi1)

IPsec – Tunnel Mode: Virtual Private Network (VPN)

Figure: Subnet 10.1.0.0/16 (addresses 10.1.0.1, 10.1.0.2, 10.1.0.3) behind a Security Gateway with public address 194.230.203.86, and Subnet 10.2.0.0/16 (addresses 10.2.0.1, 10.2.0.2, 10.2.0.3) behind a Security Gateway with public address 160.85.180.0. The two Security Gateways are connected across the Internet by a secure IP tunnel.

Page 23: Internet Security 1 (IntSi1)

IPsec Tunnel Mode using ESP

Encapsulating Security Payload (ESP): RFC 4303

• IP protocol number for ESP: 50
• ESP authentication is optional but often used in place of AH
• Original IP Header is encrypted and therefore hidden

Before applying ESP (IPv4): Original IP Header | TCP Header | Data
After applying ESP (IPv4): Outer IP Header | ESP Header | Original IP Header | TCP Header | Data | ESP Trailer | ESP Auth
  encrypted: Original IP Header | TCP Header | Data | ESP Trailer
  authenticated: ESP Header | Original IP Header | TCP Header | Data | ESP Trailer

Page 24: Internet Security 1 (IntSi1)

ESP Header (Initial Header / Payload / Trailer)

Layout after applying ESP, in rows of 4 bytes (byte columns 0 1 2 3):

  Security Parameters Index (SPI)                   authenticated
  Anti-Replay Sequence Number                       authenticated
  Payload Data (variable, including IV)             encrypted, authenticated
  Padding (0-255 bytes)                             encrypted, authenticated
  Pad Length (1 byte) | Next Header (1 byte)        encrypted, authenticated
  Authentication Data (variable)

Page 25: Internet Security 1 (IntSi1)

IPsec Tunnel Mode CBC Packet Overhead

All sizes in bytes; one column per integrity algorithm.

3DES_CBC with            HMAC_SHA1_96  AES_XCBC_96  HMAC_SHA2_256_128  HMAC_SHA2_384_192  HMAC_SHA2_512_256
Outer IP Header                    20           20                 20                 20                 20
SPI / Seq. Number                   8            8                  8                  8                  8
3DES_CBC IV                         8            8                  8                  8                  8
3DES_CBC max Pad                    7            7                  7                  7                  7
Pad Len / Next Header               2            2                  2                  2                  2
Authentication Data                12           12                 16                 24                 32
Best Case Overhead                 50           50                 54                 62                 70
Worst Case Overhead                57           57                 61                 69                 77

AES_CBC with             HMAC_SHA1_96  AES_XCBC_96  HMAC_SHA2_256_128  HMAC_SHA2_384_192  HMAC_SHA2_512_256
Outer IP Header                    20           20                 20                 20                 20
SPI / Seq. Number                   8            8                  8                  8                  8
AES_CBC IV                         16           16                 16                 16                 16
AES_CBC max Pad                    15           15                 15                 15                 15
Pad Len / Next Header               2            2                  2                  2                  2
Authentication Data                12           12                 16                 24                 32
Best Case Overhead                 58           58                 62                 70                 78
Worst Case Overhead                73           73                 77                 85                 93

Page 26: Internet Security 1 (IntSi1)

Authenticated Encryption with Associated Data (AEAD)

• AEAD is based on special block cipher modes:
  Block size: 128 bits
  Key size: 128/256 bits
  Tag size: 128/96/64 bits
  Nonce size: 96 bits
• Recommended AEAD Modes: AES-Galois/Counter Mode, AES-GMAC (auth. only)
• Alternative AEAD Modes: AES-CCM, CAMELLIA-GCM, CAMELLIA-CCM

Figure, counter block construction: Salt (32 bits) | IV (64 bits) | Counter (32 bits). The blocks Salt | IV | 0, Salt | IV | 1, Salt | IV | 2, ... are each encrypted under Key K.

Figure, Hash Subkey Derivation: the Hash Subkey H is the encryption of the all-zero block (0…0) under Key K.

Page 27: Internet Security 1 (IntSi1)

IPsec Tunnel Mode AEAD Packet Overhead

All sizes in bytes; one column per tag length.

                          AES_GCM_64  AES_GCM_96  AES_GCM_128
Outer IP Header                   20          20           20
SPI / Seq. Number                  8           8            8
AES_GCM IV                         8           8            8
AES_CNT max Pad                    3           3            3
Pad Len / Next Header              2           2            2
AES_GCM Tag                        8          12           16
Best Case Overhead                46          50           54
Worst Case Overhead               49          53           57

Additional Authenticated Data (rows of 4 bytes, byte columns 0 1 2 3):
  Security Parameter Index | Sequence Number
  or
  Security Parameter Index | Extended Sequence Number
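The two overhead tables (slides 25 and 27) follow from the ESP layout on slide 24: outer IP header, SPI and sequence number, the cipher's IV, padding up to the cipher's alignment, the two trailer bytes, and the ICV or AEAD tag. The following calculator is an added example, not code from the lecture. It reproduces the best- and worst-case rows of both tables from those field sizes, gives the exact overhead for a given inner packet length, and answers the question the tables are usually consulted for: the largest inner packet that still fits a link MTU. Assumptions: an IPv4 outer header without options (20 bytes, as on the slides), the 4-byte alignment of the AES-GCM column as shown by the slide's max Pad of 3, and the algorithm names spelled as on the slides.

```python
OUTER_IP_HEADER = 20        # IPv4 without options, as on the slides
SPI_SEQ = 8                 # Security Parameters Index + Sequence Number
PAD_LEN_NEXT_HEADER = 2

# cipher name as on the slides -> (IV bytes, alignment the padded payload must satisfy)
CIPHERS = {
    "3DES_CBC": (8, 8),
    "AES_CBC": (16, 16),
    "AES_GCM": (8, 4),      # counter mode needs no block padding; ESP still aligns to 4 bytes
}

# integrity algorithm or AEAD tag as on the slides -> Authentication Data bytes
INTEGRITY = {
    "HMAC_SHA1_96": 12, "AES_XCBC_96": 12, "HMAC_SHA2_256_128": 16,
    "HMAC_SHA2_384_192": 24, "HMAC_SHA2_512_256": 32,
    "AES_GCM_64": 8, "AES_GCM_96": 12, "AES_GCM_128": 16,
}


def esp_padding(inner_len, align):
    """Padding so that inner packet + Padding + Pad Length/Next Header is a multiple of align."""
    return (-(inner_len + PAD_LEN_NEXT_HEADER)) % align


def esp_tunnel_layout(cipher, integ, inner_len):
    """Field-by-field size list of an ESP tunnel-mode packet carrying inner_len bytes."""
    iv, align = CIPHERS[cipher]
    return [
        ("Outer IP Header", OUTER_IP_HEADER),
        ("SPI / Seq. Number", SPI_SEQ),
        (cipher + " IV", iv),
        ("Inner IP packet", inner_len),
        ("Padding", esp_padding(inner_len, align)),
        ("Pad Len / Next Header", PAD_LEN_NEXT_HEADER),
        (integ + " Authentication Data", INTEGRITY[integ]),
    ]


def esp_tunnel_overhead(cipher, integ, inner_len):
    """Bytes added by ESP tunnel mode for a specific inner packet length."""
    return sum(size for name, size in esp_tunnel_layout(cipher, integ, inner_len)
               if name != "Inner IP packet")


def overhead_range(cipher, integ):
    """(Best Case, Worst Case) overhead: no padding versus align-1 padding bytes."""
    _, align = CIPHERS[cipher]
    best = esp_tunnel_overhead(cipher, integ, align - PAD_LEN_NEXT_HEADER)
    return best, best + align - 1


def max_inner_len(cipher, integ, link_mtu):
    """Largest inner IP packet that still fits link_mtu after ESP tunnel encapsulation."""
    inner = link_mtu - overhead_range(cipher, integ)[0]
    while inner > 0 and inner + esp_tunnel_overhead(cipher, integ, inner) > link_mtu:
        inner -= 1
    return inner


def overhead_table():
    """Best/worst overhead for every cipher and integrity combination on the two slides."""
    table = {}
    for cipher in ("3DES_CBC", "AES_CBC"):
        for integ in ("HMAC_SHA1_96", "AES_XCBC_96", "HMAC_SHA2_256_128",
                      "HMAC_SHA2_384_192", "HMAC_SHA2_512_256"):
            table[(cipher, integ)] = overhead_range(cipher, integ)
    for integ in ("AES_GCM_64", "AES_GCM_96", "AES_GCM_128"):
        table[("AES_GCM", integ)] = overhead_range("AES_GCM", integ)
    return table


if __name__ == "__main__":
    for (cipher, integ), (best, worst) in overhead_table().items():
        print("%-9s %-18s best %3d  worst %3d" % (cipher, integ, best, worst))
    for name, size in esp_tunnel_layout("AES_CBC", "HMAC_SHA1_96", 100):
        print("%-32s %3d" % (name, size))
    print("max inner packet on a 1500-byte link:", max_inner_len("AES_CBC", "HMAC_SHA1_96", 1500))
```

Running it prints the same best/worst figures as the two slides (50/57 for 3DES_CBC with HMAC_SHA1_96 up to 78/93 for AES_CBC with HMAC_SHA2_512_256, and 46/49 to 54/57 for AES-GCM); the MTU helper shows why a tunnel with AES_CBC and HMAC_SHA1_96 on a 1500-byte link should clamp inner packets to 1438 bytes rather than the naive 1500 - 58.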

Page 28: Internet Security 1 (IntSi1)

IPsec Tunnel Mode using AH

Authentication Header (AH): RFC 4302

• IP protocol number for AH: 51
• Mutable fields: Type of Service (TOS), Fragment Offset, Flags, Time to Live (TTL), IP header checksum
• ESP can be encapsulated in AH

Before applying AH (IPv4): Original IP Header | TCP Header | Data
After applying AH (IPv4): Outer IP Header | AH Header | Original IP Header | TCP Header | Data
  authenticated: the whole packet, except for the mutable fields of the Outer IP Header